[Spambayes] Whitelisting
Tim Peters
tim.one at comcast.net
Mon Apr 12 11:24:43 EDT 2004
[Cedric Beust]
> Spoofing is simple indeed, but I don't believe it's very common for
> spammers to impersonate people that I know, and I actually don't
> think it ever happened to me. Spams are delivered blindly, so the
> odds that the forged From: will match someone from my Address Book
> are very slim.
Open Source software is developed by people scratching their own itches (and
it can't be otherwise, since nobody is paid to endure things they don't want
to do). While I wouldn't object to adding whitelist gimmicks, I won't work
on them, because they'd be a net loss for me (I wouldn't use them).
Developers may have a different view of this than most users -- because I
work on open source software, I know a lot of other open source developers,
and our email addresses are all over the web. As a result, I get a lot of
spam, and especially viruses, claiming to be sent from people I know
(including direct coworkers, bosses, and the company president). I even get
viruses and spam claiming to come from me (but I don't remember sending them
<wink>). So what spambayes does now is exactly right for me: the person a
thing claims to come from is *a* clue, but just one clue, and is tossed in
the pot with all the other clues.
> ...
> All of this could be avoided if SpamBayes did Address Book
> whitelisting, like Thunderbird
Someone would have to contribute code to do it. Note that there are
increasing problems trying to access the address book, because every Outlook
service pack makes that harder to do (accessing the Windows address book is
most associated with viruses).
Note that at least one commercial product building on the spambayes codebase
does have whitelist gimmicks now:
http://www.inboxer.com/
So you can have it now, if you're willing to pay for it.
More information about the Spambayes
mailing list